Sim Swap Notification subscription yaml #60
Conversation
Sim Swap Notification subscription yaml aligned with CAMARA commonalities design guidelines.
bigludo7
requested review from
DT-DawidWroblewski and
fernandopradocabrillo
as code owners
There was a problem hiding this comment.
@bigludo7
I leave a few initial comments to discuss.
Thanks for the PR!
| security: | ||
| # - {} | ||
| - oAuth2ClientCredentials: [] | ||
| # - BasicAuth: [] | ||
| # - apiKey: [] | ||
| - threeLegged: | ||
| - sim-swap:subscriptions:create |
There was a problem hiding this comment.
A couple comments here:
- The use of OpenId securityScheme (the never-ending topic haha)
- I think we should have different scopes for each operation:
sim-swap:subscriptions:createfor the Create operationsim-swap:subscriptions:readfor the List and Detail operationssim-swap:subscriptions:deletefor the Delete operation
There was a problem hiding this comment.
@bigludo7
if we already have the security property in every operation, the global security is redundant right? I think we can remove it
There was a problem hiding this comment.
@fernandopradocabrillo Which one do you think we can remove ? I followed https://swagger.io/docs/specification/authentication/openid-connect-discovery/ pattern.
There was a problem hiding this comment.
@bigludo7
We can have the security property in every operation or have it global. I think it is better to have it in every endpoint so we can specify the scope that applies to each operation properly
| required: | ||
| - webhook | ||
| properties: | ||
| subscriptionDetail: |
There was a problem hiding this comment.
I know this is the same model we are using in Device Status but, and I would like your opinion here too, for me it does not make sense that the suscriptionDetail is optional. I should not be able to make the request without sending the details, what would be the response?
There was a problem hiding this comment.
Yes got your point. As the subscription/notification is still 'fresh' I guess we're still testing it. I changed the cardinality to mandatory.
| phoneNumber: | ||
| $ref: '#/components/schemas/PhoneNumber' | ||
| type: | ||
| $ref: '#/components/schemas/SimSwapEventType' |
There was a problem hiding this comment.
should we refence RoamingNotificationEventType here as well?
There was a problem hiding this comment.
I will prefer not. If we list all event type in all API that will be complicated to maintain.
Perhaps we should provide 'somewhere' a listing of all event type managed within our CAMARA APIs?
There was a problem hiding this comment.
But currently we list only exact one of them. API client must know what events it can receive and implement corresponding logic. One can keep the list open, but at least base type of events must be described. Events like "even notification subscription ends" and "MSISDN subscription ends" are critically important and must be included in the "base" list of event types.
All above if IMO :)
There was a problem hiding this comment.
@gregory1g Thanks for the feedback
We have only one type for subscribtion but 2 type are managed by notification. Indeed org.camaraproject.sim-swap.v0.subscription-ends is also described in this yaml. We do not plan to provide subscription for this one and send them automatically once the subscription terminates (for any reason). This is described in the doc part.
We should add in this documentation than the same resource for subscription as notification are managed for all other CAMARA APIs.
Following @fernandopradocabrillo review
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
|
|
||
| Note: Additionnally to these list, ``org.camaraproject.sim-swa.v0.subscription-ends`` notification `type` is sent when the subscription ends. | ||
| This notification did not requires dedicated subscription. | ||
| It is used when the subscription expire time (required by the requester) has been reached or if the API server has to stop sending notification prematurely. |
There was a problem hiding this comment.
"if the API server has to stop sending notification prematurely." sounds a bit unclear, what about using more simple wording like "if the API server has to terminate subscription (e.g. when the corresponding phone number is not served by the operator anymore)"?
| # - BasicAuth: [] | ||
| # - apiKey: [] | ||
| - openId: | ||
| - sim-swap:subscriptions:create |
There was a problem hiding this comment.
Do we need independent scopes here?
From the end user privacy point of view, allow someone to subscribe to simswap is equal to allow someone to read simswap timestamp. Or, at least a permission to "subscribe" includes permission to read. Like end user revokes permission to read their SimSwap information, this logically also revokes permission to be notified about such events. This is an API specific logic, and it is too risky to completely delegate it to Auth/Consent configuration.
There was a problem hiding this comment.
@gregory1g This is a fair comment. Could we consider from a privacy perspective that checking now is same than checking for a coming period of x days?
I tend to agree with you.
@fernandopradocabrillo @DT-DawidWroblewski : could you please provide your view here.
There was a problem hiding this comment.
and isn't it possible to have permission to read but not to subscribe to the notification?
There was a problem hiding this comment.
permission to read, but not to subscribe is rather questionable, but still could be needed.
however, permission to subscribe without permission to read sounds like an dangerous security inconsistency
| $ref: '#/components/schemas/PhoneNumber' | ||
| terminationReason: | ||
| type: string | ||
| enum: ["SUBSCRIPTION_EXPIRED", "NETWORK_TERMINATED"] |
There was a problem hiding this comment.
as mentioned above "NETWORK_TERMINTAED" covers a server side termination for whatever reason. Two questions here:
- Is "NETWORK_TERMINTAED" a self-explaining term for a server initiated termination? One can expect that user terminated is different from network terminated.
- shouldn't we add a possibility for an MNO to provide an optional a human readable text description explaining the reason behind server side termination?
There was a problem hiding this comment.
- Not sure to get it. You want me to add USER_TERMINATED ?
- Yes make sense - I've add a
terminationDescriptionattribute.
There was a problem hiding this comment.
- I dot think that we need to be introduce "user terminated" here. But NETWORK_TERMINTAED sounds too narrow. I suggest to consider a more generic term which covers everything which is initiated by the server side, either it is network as such, or user his/her self, or contract between application and MNO or even security conserns.
| - specversion | ||
| - type | ||
| properties: | ||
| id: |
There was a problem hiding this comment.
What about subscription ID, shouldn't it be included in the event as well?
There was a problem hiding this comment.
Yes - It should be part of the Data structure - I add it.
Integrated 2 comments.
| - specversion | ||
| - type | ||
| properties: | ||
| id: |
There was a problem hiding this comment.
Yes - It should be part of the Data structure - I add it.
| $ref: '#/components/schemas/PhoneNumber' | ||
| terminationReason: | ||
| type: string | ||
| enum: ["SUBSCRIPTION_EXPIRED", "NETWORK_TERMINATED"] |
There was a problem hiding this comment.
- Not sure to get it. You want me to add USER_TERMINATED ?
- Yes make sense - I've add a
terminationDescriptionattribute.
|
Hello @gregory1g |
There was a problem hiding this comment.
@bigludo7
I leave you a few comments I've found in a more detailed review. Some are suggestions and some are small fixes.
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Updated following @fernandopradocabrillo review
There was a problem hiding this comment.
Thanks @fernandopradocabrillo for your review. I have updated the yaml accordingly (except the error message that I kept).
| - sim-swap:subscriptions:create | ||
| - sim-swap:subscriptions:read |
There was a problem hiding this comment.
Hello @gregory1g
For me the simswap and the subscription are 2 different entities. As subscription is a distinct entity it makes sense to have distinct scope to manage it but worth to be discussed.
As we should have same discussion in subscription for device location and device status probably better to bring this discussion to commonalities.
If a user revokes their "read my SimSwap info" for app XYZ, it is Telco commitment to terminate app XYZ subscription (if any) and prevent any sim swap data sharing with XYZ.
| content: | ||
| application/json: | ||
| schema: | ||
| $ref: '#/components/schemas/SubscriptionInfo' |
There was a problem hiding this comment.
@bigludo7
One doubt here, in case I've missed something, why do we have the phoneNumber as optional in the request body?
And, even if we have it optional in the request, shouldn't it be required in the response? I think the response must give the complete information of the subscription. Applies the same for the GET endpoints
There was a problem hiding this comment.
Yes make sense for POST & GET answers --> I've updated.
For POST request, the phoneNumber could be optional as we can have it by the network thru Authorization code flow or CIBA flow.
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Co-authored-by: Fernando Prado Cabrillo <fernando.pradocabrillo@telefonica.com>
Changed cardinality for phoneNumber
There was a problem hiding this comment.
Changed cardinality for phoneNumber as suggested by @fernandopradocabrillo
|
Hello @fernandopradocabrillo @gregory1g @DT-DawidWroblewski Any pending issue preventing to get your approval? |
nothing from my side. |
LGTM from my side too. If we detect something in the future we can always fix it |
| - ``org.camaraproject.sim-swap.v0.swapped`` - Event triggered when a sim swap occurs on the associated phoneNumber | ||
|
|
||
|
|
||
| Note: Additionnally to these list, ``org.camaraproject.sim-swa.v0.subscription-ends`` notification `type` is sent when the subscription ends. |
There was a problem hiding this comment.
Typo:
is:
org.camaraproject.sim-swa.v0.subscription-ends
should be:
org.camaraproject.sim-swap.v0.subscription-ends
|
|
||
|
|
||
| Note: Additionnally to these list, ``org.camaraproject.sim-swa.v0.subscription-ends`` notification `type` is sent when the subscription ends. | ||
| This notification did not requires dedicated subscription. |
There was a problem hiding this comment.
Grammar issue:
is:
This notification did not requires dedicated subscription.
should be:
This notification does not require a dedicated subscription.
|
|
||
| termsOfService: http://swagger.io/terms/ | ||
| contact: | ||
| email: project-email@sample.com |
There was a problem hiding this comment.
should we have an explicit email to sub-project owner here?
There was a problem hiding this comment.
Not sure - I followed here what we have in other API but this is a fair question.
My suggestion is to have an issue in Commonalities to have a common rule.
| version: 0.1.0-wip | ||
| externalDocs: | ||
| description: Product documentation at CAMARA | ||
| url: https://github.com/camaraproject/ |
There was a problem hiding this comment.
I think here we should use the following URL:
https://github.com/camaraproject/SimSwap
| $ref: "#/components/responses/Generic503" | ||
| security: | ||
| - { } | ||
| - notificationsBearerAuth: [ ] |
There was a problem hiding this comment.
is there a dedicated security scheme for notifications? or are we following CIBA and use push mode see CIBA spec for reference?
There was a problem hiding this comment.
Not sure - I've replicated same thing than in other Subscription API. If we want to provide more we should probably propose someting here: https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#security-considerations
| enum: | ||
| - org.camaraproject.sim-swap.v0.swapped | ||
|
|
||
| RoamingNotificationEventType: |
There was a problem hiding this comment.
Roaming notification in sim swap API? is it a new enhancement coming with sim swap notification?
There was a problem hiding this comment.
ah ah ah ... no :) good catch Dawid. I've wrongly name this class and forget to use it (2 errors on a same line). I fix it.
Updated following @DT-DawidWroblewski review.
What type of PR is this?
What this PR does / why we need it:
Add a new API to manage sim swap notification subscription & notification.
yaml aligned with CAMARA commonalities design guidelines.
Which issue(s) this PR fixes:
Fixes #47
Special notes for reviewers:
Changelog input
Additional documentation
This section can be blank.